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(57) ABSTRACT 

A system, portable device, server, apparatus and method for 
controlling access to a secure location or container, or for 
controlling access to selected television programs or classes 
of programs. The invention provides a system for controlling 
access to a facility, comprising a portable communicating 
device, a server means, and one or more access control 
devices in communication across a network, data storage 
means available to said server means for storing access 
control data, said server means being adapted to receive 
access requests identifying a user of said portable commu- 
nicating means and including: generating means within said 
server means for generating access criteria from said access 
control data according to said user's identity, and commu- 
nicating means for communicating said access criteria to at 
least one of said access control means and said portable 
communicating means, wherein said access control means is 
adapted to permit access responsive to said user satisfying 
said access criteria. 

9 Claims, 2 Drawing Sheets 
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FIG. 1 
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FIG. 2 
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SYSTEM, APPARATUS AND METHOD FOR or more access control devices in comnaunicalion across a 

CONTROLLING ACCESS network, data storage means available to said server means 

for storing access control data, said server means being 
adapted to receive access requests identifying a user of said 
FIELD OF THE INVENTION 5 portable communicating means and including: generating 

^ ... , . , means within said server means for generating access cri- 

The present invention is concerned with a system, appa- ^^^^ ^^j^ ^^^^ ^^^^ according to said user's 

ratus and method for contro bng access to facilities by communicating means for communicating said 

potential users of those facilities, for example physical ^.^cess criteria to at least one of said access control means 
access to a buildmg or secure area or container or access to ^^ communicating means, wherein said 

a particular computer system, or to a particular television ^^^^ ^^^.^^j ^^^^ ^^^pj^ ^^^^^ responsive 
program. ^^^^ satisfying said access criteria. 

BACKGROUND OF THE INVENTION Preferably, in a system as described, said access control 

means includes a bio-metric security system and said access 
Conventionally, access to buildings and other facilities is 15 criteria include bio-metric data associated with said user and 
by means of locks and keys, and by other means analogous g^id communicating means communicates said bio-metric 
to locks and keys. Examples are badge locks, cipher locks on jata from said server means to one or more access control 
which a password or number can be entered and, more means. 

recently, locks having sensors equipped to sense biometric n r ui 1 • • * 

.r ^ , , Preferably also said communicatme means communicates 

data and verify the user s authorization to enter or use the 20 ^^:a u\ ^Z:^ ^^^,.,:t„ ^.r^*^™ 

- . , , . instructions to operate said bio-metnc security system to 

facility on that basis. j * ui ■ »• 

said portable communicating means. 

Similarly, facilities such as computer systems may be , r j * • * -j r i * • 

,/ , , Alternatively, a preferred feature is that said facility is a 

protected by pa^words, and set-top television control boxes ^^^^^^ ^^-^^^^ -^^^^^^ ^ 

or Internet-capable computers may be controlled by a pass- 1 1 j j ^ • • . 

1 - t ./ , , y™^r^ . lock code and said communicatme means communicates 

word or personal identification number (PIN) to ensure that, 25 • 1 • . 1 1 1 r 1 , • i « ui 

r ^ , ^ I X • said cipher lock code from said server means to said portable 

tor example, children cannot access material that their . n r ui 1 * * 

^ , . rt rr communicating means. Preterably also, in a system as 

parents or guardians determine might be harmful or olfen- described, said generating means generates a cipher lock 

code each time access is to be permitted and said commu- 

AU these systems have the disadvantage that the conven- nicating means communicates said cipher lock code from 

tional lock-and-key combination is static and locally g^id server means to said access control means. 

controlled, and any data contained within the lock mecha- a a ♦u u *■ ■ ♦ u . j u ^ 

' . , , , - A further alternative is to have a system as described 

nism IS not easy or quick to update or change to cater for . . ^ . . -j ,1 

, / ^ ^ wherein said facility IS a television set, said access control 

rapid changes in circumstances. . . . u j j . 1 ^ * • 1 ^ 

^ * means is a set-top box and said access control data includes 

In addition, such static solutions are typicaUy only useful one or more user identities associated with ratings data and 

in controlling access to a single facility: communicating means communicates access criteria 

a single building or complex of buildings located near one generated therefrom from said server means to said access 

another, or a single computing system or set-top box, control device. 

for example. The process of adding new access points ^uch a system, it is advantageous to have means for 

may require re-cabling with dedicated cables. Also, the 40 modifying said access criteria, and it is also advantageous to 

process of authorizing a new user often requires that the ^ave means for deleting said access criteria after use by said 

new user go to a security control oflSce to be identified y^^j- 

and be given a password or a valid key-badge, for , , , u j •* • e j * *j * 1 

, t r r ■ 1- In a system as described it is preferred that said network 

example. In the case 01 secure tacilities on a busmess • .u t * » 

. , . . , IS the Internet, 

or industrial site, this can involve moving a consider- 45 

able distance from the proposed point of entry to a system may advantageously further comprise secure 

distant security office, where the user must be identified verification means for verifying said user's identity, and also 

and issued with an appropriate badge or informed of a advantageously may have encryption means for encrypting 

cipher-lock key, or where biometric data must be taken communications between said portable communicating 

and entered into the recognition system for use at the 50 ^^'^ ^^^^^ "^^^"^ ^^^^ ^^^^ 

proposed point of entry. The user then has to make the In a second aspect, the present invention provides por- 

return journey to the proposed point of access. table apparatus for obtaining access to a facility, said appa- 

Such procedures are time consuming and appear ratus being adapted to communicate over a network; the 

unfriendly to expected visitors, who may be given an apparatus comprising display means for displaying an access 

unfavourable impression of the organisation with whom 55 control display screen, requesting means for requesting from 

they are doing business. Iliey also carry the inherent dis- a server access to a facility, and receiving means for receiv- 

advantages of a potential for lost badges being misused, ing information from said server for use by a user to satisfy 

cipher-lock keys being forgotten or exposed by being written access control criteria. 

down by those who fear they might forget, and the need to A preferred feature of the second aspect of the present 

employ extra staff to process requests for access. No simple, invention is to have portable apparatus as described wherein 

automated method has been available up to the present to said network is the Internet, said display means is a browser, 

alleviate these problems. and said access control display screen is an Internet web 

page. 

It is advantageous also to have portable apparatus as 

Accordingly, in a first aspect, the present invention pro- 65 described, further comprising secure verification means for 

vides a system for controlling access to a facility, comprising verifying said user's identity, and preferably also comprising 

a portable communicating device, a server means, and one encryption means for encrypting communications. 
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In a third aspect, the present invention provides a server preferably the Internet and preferably using wireless means, 

system for controlling access to a facility, comprising, with a server 107. The server 107 is provided with a database 

means for communicating over a network with one or more 108 containing access control and authorization data, 
access control means and a portable communicating means, xhc communication device 104 and the server 107 pref- 

receiving means for receiving access requests identifying a 5 erably implement a method for communicating securely 

user from said portable communicating means, data storage involving the same safeguards as are well-known in the field 

means for storing access control data, generating means for of electronic commerce, such as one of the secure digital 

generating access criteria from said access control data signature schemes that are widely known and used for 

according to said user's identity, and wherein said commu- verifying the identities of the parties to a secure electronic 
nicating means communicates said access criteria to at least lO transaction. Examples of such schemes are discrete log 

one of said access control means and said portable commu- signatures or hashed signature schemes, for example, MD-4, 

nicating means. MD-5 or the Secure Hash Algorithm (SHA). Such schemes 

In a fourth aspect, the present invention provides appa- allow an identifying signature to be securely generated and 

ratus for controlling access to a facility, comprising receiv- passed from the user to the server, so that the server can 
ing means for receiving access criteria communicated 15 verify the user's identity before processing the request for 

through a network, data storage means for storing said access. 

access criteria, and comparing means for comparing said xhe access control device 102 and the server 107 also 

access criteria with user input to grant or refuse access to preferably include means (preferably wireless means) for 

said facility. communicating securely over the network, which is prefer- 

The apparatus as described preferably further comprises ably the Internet; the secure communication means, for 

means for modifying said access criteria, and preferably example, using any of the well-known encryption schemes, 

further comprises means for deleting said access criteria such as the Data Encryption Standard (DES) algorithm, or 

after use by said user. public key encryption schemes such as RSA. 

In a fifth aspect, the present invention provides a method Thus, both the communication between the communica- 

Cor controlling access to a facility in a network comprising tion device 104 and the server 107 on the one hand, and 

a portable communications device, a server, and one or more between the server 107 and the access control device 102 are 

access control devices; the method comprising the steps of kept secure, and the identity of the user can be securely 

storing access control data, said server means receiving verified with a reduced risk of tampering during transmis- 

access requests identifying a user of said portable commu- sion of the identifying message. 

nicating means, generating within said server means access In one embodiment of the present invention, the user 

criteria from said access control data according to said user's interface 103 is a cipher lock. In this embodiment, the user 

identity, communicating said access criteria to at least one of identifies himself and the cipher lock to the server and 

said access control means and said portable communicating receives the cipher lock code from the server 107 via the 

means, and said access control permitting access responsive network 106. The cipher lock code is preferably sent in 

to said user satisfying said access criteria. A system for encrypted form and decrypted at the user's portable com- 

controlling access to a facility, comprising portable commu- munication device 104 before being displayed on the user 

nicating means for communicating through a network, interface 105 of the device 104. The user then enters the 

server means for receiving access requests from said por- cipher key numbers on the user interface 103 of the access 

table communicating means, data storage means available to control device 102. If the cipher lock is capable of receiving 

said server means for storing access control data, generating signals from the server, it is possible for a cipher lock code 

means within said server means for generating access to be sent from the server to the cipher lock, as well as to the 

criteria, and communicating means for communicating said user, thus allowing the code to be specially set for this user, 
access criteria from said server means to one or more access an alternative embodiment, the user interface 103 is 

control means, whereby said access control means permits capable of sensing biometric data, being provided with, for 

access responsive to a user satisfying said access criteria. example, a retinal scanner device or a fingerprint scanner or 

„ _ _ the like. Biometric sensors are well-known technologies for 

BRIEF DESCRIPTION OF THE DRAWINGS ^^^^^ ^^^^^^^^ ^-^^ ^^^^^^^^^ further here In this 

Embodiments of the present invention will now be embodiment, the server 107 sends biometric data capable of 
described by way of example, with reference to the 50 positively identifying the user to the access control device 
drawings in which* which in turn activates the biometric data sensor in its 

i' • ui 1 J- u • * 1 ^ user interface 103. The user is then invited either by the user 

FIG. 1 IS a block diagram showing a networked access ■ ^ r ... ■ ^ . . u . 

^ fuu- *• J- mterface 103 or by the user mterface 105 to present what- 

control system for buildmgs or secure containers according . . ., -l -t 

, ,u * • ever is required by the particular sensor in the user interface 

to the present invention. im r . i j • ir *i. ^ ^ . • 

\ . „ . . ^ ,55 103 of the access control device. If the sensed data is 

FIG. 2 IS a flow diagram showing the steps of a method matched correctly with the data supplied to the access 

of using a system according to the present invention. ^^^^^^i ^^^-^ ^^^^ permitted access 

DESCRIPTION OF THE PREFERRED ^^^^^Z^* , ^ c u u 

EMBODIMENTS clearly be seen from the above embodiments, the 

60 nature of the access criteria and the access control device 

In a first embodiment, shown in FIG. 1, a building, secure may vary, depending on the requirements of the particular 

area or container 101 is provided with an access control building or secure area or container. The present invention 

device 102, which has a user interface 103. A user has a advantageously removes the need for encoded badges, static 

communication device 104, such as a personal digital assis- passwords and the like, and also removes the need for users 
tant (PDA), which has a user interface 105. ITie access 65 to present themselves at a particular location, such as a 

control device 102 and the communication device 104 are security control office, before they can be granted access 

capable of communicating securely via a network 106, rights to a facility. Advantageously, also, new facilities can 
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be simply and quickly added to the system by modifying the 
data held at the server 107, rather than by physical changes 
to the cabling of the devices. If all the communications can 
be carried out using wireless means, this can represent cost 
savings as well as increased ease of use. 5 

After the user has been permitted access, in either of the 
previously described cases, the data in the access control 
device 102 can be reset; for example, the cipher setting or 
the biometric data can be deleted or reset to a default setting, lo 
In this way, the user can be permitted one-time access. This 
offers protection against an intruder who has, for example, 
observed a cipher lock setting being used and then reuses it 
to gain unauthorised access. 

Referring now additionally to FIG. 2, a user approaches 
the building, secure area or container 101 and finds the 
access control device 102, which is labelled with an iden- 
tifying code that uniquely identifies it. The identifying code 
shown on the access control device matches a code used as 20 
an index to access criteria recorded in the database 108. The 
access criteria determine which users or what class of users 
should be allowed to access the building, secure area or 
container. 

25 

The user operates a portable communication device 104, 
such as a personal digital assistant (PDA), to open the access 
control service web page on the Internet, using the Universal 
Resource Locator of the web page, and enters the identifying 
code with which the access control device was labelled. The 
user also transmits some identification information which 
can be recognised by the server 107 and used for secure 
identification. 'ITie server compares the identification infor- 
mation with the information held in the database 108 to 
determine whether the user belongs to a class of user 
permitted to access the building, secure area or container. If 
so, the server 107 transmits access criteria to the access 
control device and also transmits information or instructions 
to the user, through the user's communications device 104, 
to enable the user to satisfy the access criteria. On satisfying 
the access criteria, the user is granted access. 

In a further alternative embodiment of the present 
invention, a user, such as a child, wants to view a television 
programme or to browse Internet pages or the like by means 
of a computer. The television or computer is equipped with 45 
an access control device or subsystem, for example a set-top 
control box. The user has a portable communications device, 
such as a personal digital assistant, which is capable of 
communicating over a network, preferably the Internet, and 
preferably by wireless means. The user accesses the access 50 
control web page and enters information to be used for 
identification, llie server has an access control database for 
storing information for particular users including, for 
example, a permitted television programme ratings level for 
each user. The server checks the identity of the user, deter- 55 
mines the ratings level appropriate to that user, and transmits 
access control information to the access control device (in 
this example, the set- top controller box) to permit or deny 
access to particular programmes. By this means, a parent can 
leave a child in a room with the television set, knowing that 60 
the child's ratings level has been set up in the database, so 
that the child will not be able to watch programmes that have 
been determined to be unsuitable. Thus, each child can be 
protected from exposure to harmfiil or offensive material 
without constant close supervision. A similar mechanism 65 
can be used, for example, to protect children from unsuitable 
material accessed on the Internet or other computer systems. 
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What is claimed is: 

1. A system for controlling access to a facility, compris- 
ing: 

a portable communicating means, a server means, and one 
or more access control devices in communication 
across a network; 

data storage means available to said server means for 
storing access control data; 

said server means being adapted to receive access 
requests identifying a user of said portable communi- 
cating means and including: 

generating means within said server means for gener- 
ating access criteria from said access control data 
according to said user's identity; and 

communicating means for communicating said access 
criteria to at least one of said access control means 
and said portable communicating means; 

wherein said access control means is adapted to permit 
access responsive to said user satisfying said access 
criteria; and 

wherein said access control means includes a bio- 
metric security system and said access criteria 
include bio-metric data associated with said user and 
said communicating means communicates said bio- 
metric data from said server means to one or more 
access control means. 

2. A system as claimed in claim 1 wherein said commu- 
nicating means communicates instructions to operate said 
bio-metric security system to said portable communicating 
means. 

3. A system as claimed in claim 1 wherein said facility is 
a cipher locked door and said access criteria include a cipher 
lock code and said communicating means communicates 
said cipher lock code from said server means to said portable 
communicating means, 

4. A system as claimed in claim 3 wherein said generating 
means generates a cipher lock code each time access is to be 
permitted and said communicating means communicates 
said cipher lock code from said server means to said access 
control means. 

5. A system as claimed in claim 1 wherein said facility is 
a television set, said access control means is a set-top box 
and said access control data includes one or more user 
identities associated with ratings data and said communi- 
cating means communicates access criteria generated there- 
from from said server means to said access control device. 

6. Portable apparatus for obtaining access to a facility, 
said apparatus being adapted to communicate over a net- 
work; the apparatus comprising: 

display means for displaying an access control display 
screen; 

requesting means for requesting from a server access to a 
faciUty; and 

receiving means for receiving information from said 
server for use by a user to satisfy access control criteria. 

7. Portable apparatus as claimed in claim 6, wherein said 
network is the Interact, said display means is a browser, and 
said access control display screen is an Internet web page. 

8. Portable apparams as claimed in claim 6, further 
comprising secure verification means for verifying said 
user's identity. 

9. Portable apparatus as claimed in claim 6, further 
comprising encryption means for encrypting communica- 
tions. 

***** 
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